weird DSL problem

[cellio]

We came home to no internet service tonight, but the failure mode is odd. We do have connectivity, but no DNS -- so that would be a well-understood problem, except that I can use ssh to get to my shell provide -- by name. I can also ping that host by name -- but I can't ping anything else by name. Does MacOS maintain some sort of cached state for ssh?

And when did browsers start rewriting IP addresses to domain names? I could visit my favorite web sites by IP address in principle, but when I type in an IP address the browser turns it into a domain name, tries to load that...and fails, because there's no DNS. WTF?

Verizon has been underwhelming so far, and I even mean compared to other Verizon experiences. At one point they said the line must be bad and they'd send a technician in a couple of days, then put us on hold for 10+ minutes. But how could it be a bad line if we have any connectivity at all? When the guy came back he said that there's an outage (previously he had said there wasn't), so with luck it'll come back on its own.

But if anybody reading this could tell me where to find some DNS servers that I'd be allowed to hit, I'd be grateful. I'm trying to find that on my own, but using the phone is slow going.

Comments

[rjmccall.livejournal.com]

When you connect to a host for the first time, ssh prompts you to verify the host's signature. In theory this is the opportunity to use a trusted source to verify that that is indeed the signature of the host you mean to connect to, but usually people just automatically accept that. Anyway, once you've done that, ssh basically turns the host name as you entered it into a record in ~/.ssh/known_hosts that includes the IP address and that signature; if the signature ever changes, it warns you that something weird's going on. In theory it could do the same sort of authentication for the IP address, but that would accomplish exactly nothing beyond (1) verifying that the DNS service has not been compromised (which is irrelevant, since that service is not otherwise a party to the connection) and (2) unnecessarily telling the DNS service that you might be ssh'ing somewhere, so it just doesn't bother.

[cellio]

Thanks for the explanation! Now that you mention it I do remember the verification step, not least because my provider changed an IP address several months ago and warned us that that would trigger this again.

[http://users.livejournal.com/merle_/]

..although the ssh known hosts shouldn't affect browsers because they have their own cache (or use the OS cache), both of which should respect the DNS timeout.

As for browsers rewriting IP addys into names, that's bizarre. I have not seen that, but I run Opera on an ancient OS.

[cellio]

I saw this in both Firefox 10 and Safari whatever-MacOS-thinks-is-current. I'd type in an IP address, the browser would say "connecting to (domain name)", and then it would fail. I gave you an IP address for a reason! Bah.

Mind, this was more benign than it would have been mere months ago: the smartphone enabled me to connect the laptop to the 4G network, bypassing Verizon. I wouldn't try that for more than an hour or so (I think I saw the battery indicator moving...), but it made a difference, and between ssh and the phone I had plenty of ways to get to email.

(But, whine, all the browser tabs were on the desktop machine. Cue the violins. :-) )